Re: Good HTML parser needed

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Can anyone provide some code that can't be stripped by strip_tags?


On 5/15/08, Eric Butera <eric.butera@xxxxxxxxx> wrote:
> On Wed, May 14, 2008 at 11:38 AM, Robert Cummings <robert@xxxxxxxxxxxxx> wrote:
>  >
>  >
>  >  On Wed, 2008-05-14 at 11:18 -0400, Eric Butera wrote:
>  >  > On Tue, May 13, 2008 at 4:07 AM, James Dempster <letssurf@xxxxxxxxx> wrote:
>  >  > > http://htmlpurifier.org/
>  >  > >
>  >  > >  --
>  >  > >  /James
>  >  > >
>  >  >
>  >  > This is the only real solution.
>  >
>  >  That depends... if I'm the webmaster and I want to input arbitrary HTML,
>  >  then htmlpurifier is unnecessary.
>  >
>  >
>  >
>  >  Cheers,
>  >  Rob.
>  >  --
>  >  http://www.interjinn.com
>  >  Application and Templating Framework for PHP
>  >
>  >
>
>
> OP said "users."  Strip tags doesn't bother with tag attributes so
>  that is a security hole.  Any regex type solution will encounter the
>  same set of issues.
>
>  Htmlpurifier actually strips down and re-builds your html from the
>  ground against a nice whitelist filtering system that you can
>  customize to your needs.  No nasty tags/attributes will get through
>  unless you want them to.
>
>
>  --
>  PHP General Mailing List (http://www.php.net/)
>  To unsubscribe, visit: http://www.php.net/unsub.php
>
>


-- 
Regards,
Wang Yi

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux